Car hacking: The next global cybercrime?
Car hacking: The next global cybercrime?
As modern cars evolve towards becoming fully autonomous, security experts are warning of a fresh form of cybercrime: Car hacking.
Car hacking- –where criminals can either remotely directly or take control of your car from their laptops – has become a thicker and fatter headache for car manufacturers and law enforcement figures as in-car technology becomes more sophisticated.
There are already thousands of semi-autonomous cars already on the market that contain in-car computer systems, or electronic control units (ECU), responsible for safety functions such as detecting skids, predicting crashes and performing anti-lock braking.
By 2020, car makers predict that cars could become fully autonomous and manufacturers such as BMW have already created self-driving cars.
However, along with other computer systems, in-car technology is not hacker-proof, as tests by academics and “white hat” hackers – those that break into computer systems to highlight security issues — have shown.
Demonstrating their Pentagon-funded work at the global “DefCon” hackers conference in Las Vegas in August, Charlie Miller and Chris Valasek demonstrated global security experts in attendance how they could take control of a two thousand ten Toyota Prius and Ford Escape model using just a laptop.
They were able to remotely take control of the cars’ electronic clever steering, braking, displays, acceleration, engines, horns and lights. They could even make the fuel tanks display a utter tank of gas when there wasn’t. To top it all, they did all this using an old Nintendo handset.
“Automobiles are no longer just mechanical devices. Today’s automobiles contain a number of different electronic components networked together that as a entire are responsible for monitoring and controlling the state of the vehicle,” Miller and Valasek stated in their research — “Adventures in Automative Networks and Control Units”.
“Drivers and passengers are rigorously at the grace of the code running in their automobiles and, unlike when their web browser crashes or is compromised, the threat to their physical well-being is real,” the authors stated.
“You cannot have safety without security.”
In 2011, researchers at the University of Washington and the University of California-San Diego were able to wirelessly hack into cars, however they withheld details of which cars they were able to “own” for fear of their skill being used by criminals.
The potential danger of car hacking and its use by criminals has not been lost on law enforcement bods in both Europe and the U.S., where the National Highway Traffic Safety Administration (NHTSA) has launched an auto cybersecurity research program investigating car hacking.
The director of the Europe’s Cybercrime Centre, a bod within the European Union’s law enforcement agency Europol, told CNBC that the potential for in-car technology to be hacked and used for organised crime, vengeance, profit and competitive advantage was superb.
“We are very worried about the direction of car hacking,” Troels Oerting told CNBC on Thursday. “Everyone [in the car industry] wants to make cars more helpful — for them to help with steering, parking, violating and even driving — but if you do this the downside is that someone will attempt to use this to their advantage and for criminals, this would generally be for profit or vengeance.”
“Wireless technology is integrated into practically everything nowadays and if there’s wireless access to anything there’s a possibility to remotely control it,” Oerting warned.
“We have already seen electronic devices being used to get into cars to steal them but the next step we could see is someone able to manipulate the car, steer and brake while you’re in the car and without your skill,” he said.
If a car could be remotely accessed, then, what was to stop organized crime groups “eliminating” their enemies by literally driving their car remotely off a bridge or cliff, Oerting said. In countries where carjacking was common, such as South Africa, remotely accessing the in-car technology could permit criminals to stop and open car doors very lightly.
Oerting said that car manufacturers were aware of the issues and that ultimately they were liable for the security – or lack thereof — of their vehicles.
Following the “hacks” by white hat hackers Miller and Valasek in Las Vegas this summer on the Ford and Toyota cars, the automotive industry has been keen to react and reassure consumers that they are tackling the security issues in their vehicles.
A spokesman for Ford Motors, Craig Daitch, told CNBC that “while an attack by a hacker who obtains physical access to a vehicle for a prolonged period of time is difficult to entirely diminish, Ford has made strides in limiting the ways a hacker can fully take control of a vehicle.”
Toyota’s public affairs manager, Cindy Knight, said meantime that “cyber-security is an significant issue for the entire automotive industry, from automakers to suppliers to the agencies that oversee motor vehicle safety,” she told CNBC.
“At Toyota, we take earnestly any form of tampering with our electronic control systems. We strive to ensure that our electronic control systems are sturdy and secure and we will proceed to rigorously test and improve them,” she said.
Despite their reassurances, however, there is no assure that a computer system is hack proof. “You will never know when criminals’ skill keeps up with the improvements to the technology,” Europol’s Oerting said.
“It’s significant that consumer and carmakers are aware of the downside to technological developments. You need people to be able to drive using this technology without fearing every five seconds that your car will be taken over.”
– By CNBC’s Holly Ellyatt, folow her on Twitter @HollyEllyatt